#!/bin/bash
# Resolver used to confirm the challenge record has propagated: Google's public
# DNS, because that is what Let's Encrypt currently queries during validation.
GOOGLE_DNS='8.8.8.8'
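#######################################
# Create the _acme-challenge TXT record for the current certbot challenge.
# Globals:   CERTBOT_DOMAIN, CERTBOT_VALIDATION, ZONE_API_USER, ZONE_API_KEY (read)
#            DOMAIN (written; wait_for_dns_propagation reads it afterwards)
# Outputs:   the API response followed by a newline, on stdout
# Returns:   exits 1 if the zone cannot be derived or the API call fails
#######################################
add_dns_entry() {
  # Derive the registered zone (second + top level label) from the domain
  # certbot hands us: "foo.bar.tld", "bar.tld" and "*.bar.tld" all yield
  # "bar.tld". Bash's =~ replaces the GNU-only 'expr match' the file used; the
  # file already relies on =~ further down. DOMAIN deliberately stays global.
  if [[ "$CERTBOT_DOMAIN" =~ ([^.]+\.[^.]+)$ ]]; then
    DOMAIN=${BASH_REMATCH[1]}
  else
    DOMAIN=""
  fi
  if [[ -z "$DOMAIN" ]]; then
    echo "Could not derive a DNS zone from CERTBOT_DOMAIN='$CERTBOT_DOMAIN'. Exiting." >&2
    exit 1
  fi

  # Pass the API credentials through a curl config file on an anonymous fd
  # instead of '-u user:key' in argv, where every local user can read them via
  # ps and they would land verbatim in any 'set -x' trace. curl's config format
  # wraps values in double quotes and honours \\ and \" escapes, so escape
  # exactly those two characters in the credential string.
  local api_credentials
  api_credentials=${ZONE_API_USER}:${ZONE_API_KEY}
  api_credentials=${api_credentials//\\/\\\\}
  api_credentials=${api_credentials//\"/\\\"}

  # The request body carries no secret, so building it in a variable is fine.
  # Values are not JSON-escaped; they are taken as certbot supplies them.
  local payload
  payload=$(printf '{"destination":"%s", "name":"_acme-challenge.%s"}' \
    "$CERTBOT_VALIDATION" "$DOMAIN")

  # --fail turns an HTTP >= 400 answer into a non-zero exit, so a rejected
  # request stops the hook here instead of surfacing 15 minutes later as a
  # propagation timeout in wait_for_dns_propagation.
  if ! curl --silent --show-error --fail \
      --config <(printf 'user = "%s"\n' "$api_credentials") \
      -H "Content-Type: application/json" \
      -X POST "https://api.zone.eu/v2/dns/${DOMAIN}/txt" \
      -d "$payload"; then
    echo "Failed to create the _acme-challenge TXT record for $DOMAIN via the Zone API. Exiting." >&2
    exit 1
  fi
  # The API response has no trailing newline; keep the output line-terminated.
  echo ""
}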
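#######################################
# Poll the resolver until the challenge TXT record is visible.
# Globals:   GOOGLE_DNS, DOMAIN, CERTBOT_VALIDATION (read)
# Outputs:   progress messages on stdout, the timeout message on stderr
# Returns:   0 once the record is seen; exits 1 after max_retries * retry_delay
#            seconds without it
#######################################
wait_for_dns_propagation() {
  local -r max_retries=90
  local -r retry_delay=10
  local -r record_name="_acme-challenge.${DOMAIN}"
  local retry_counter=0

  echo "Waiting for DNS entry to propagate..."
  # Wait for the specific validation token rather than for any TXT record at
  # the name. A stale record from an earlier run, or the first of the two
  # records certbot creates when it authorises a wildcard together with its
  # apex, would satisfy a plain emptiness check before the new value has
  # propagated; dig's own error text (";; connection timed out ...") is
  # non-empty as well. With an empty CERTBOT_VALIDATION grep -F matches any
  # line, which degrades to the original "some record exists" behaviour.
  until dig "@${GOOGLE_DNS}" +short -t txt "$record_name" \
      | grep -qF -- "$CERTBOT_VALIDATION"; do
    # >= rather than >: the message promises max_retries * retry_delay
    # seconds, so stop once exactly that many sleeps have happened.
    if (( retry_counter >= max_retries )); then
      echo "Waited for $(( max_retries * retry_delay )) seconds but didn't see challenge DNS entry. Exiting." >&2
      exit 1
    fi
    sleep "$retry_delay"
    retry_counter=$(( retry_counter + 1 ))
  done
}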
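echo "Adding Lets Encrypt DNS challenge entries."
# check_env.sh (not visible here) presumably validates the environment this
# hook relies on. If it cannot be sourced the run must stop now rather than
# continue and call the API with an unchecked, possibly empty, configuration.
# The path is quoted so a script directory containing spaces still resolves.
source "$(dirname -- "$0")/check_env.sh" || {
  echo "Could not source $(dirname -- "$0")/check_env.sh. Exiting." >&2
  exit 1
}
add_dns_entry
wait_for_dns_propagation
# Optional extra wait: Google's resolver sometimes sees the record before
# Let's Encrypt's validators do. Only an all-digit value is honoured; the
# regex already rejects an empty or unset value, so no separate -n test is needed.
if [[ "$ZONE_RETURN_DELAY" =~ ^[0-9]+$ ]]; then
  echo "Waiting for $ZONE_RETURN_DELAY extra seconds for the record to propagate..."
  sleep "$ZONE_RETURN_DELAY"
fi
echo "Done adding Lets Encrypt DNS challenge entries."
exit 0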